Overview

overview

10

Static

static

3

ebd7bf3cdf...3N.exe

windows7-x64

10

ebd7bf3cdf...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebd7bf3cdf25917a90484e249e85b785e30fad161e69311ddfb87605ebd2c923N.exe

  • Size

    134KB

  • Sample

    241130-hwrqfsslbm

  • MD5

    9b27127591a120499a78544b18d7a5b0

  • SHA1

    3be1098f610d5418ca69bdf087fbd726753ea648

  • SHA256

    ebd7bf3cdf25917a90484e249e85b785e30fad161e69311ddfb87605ebd2c923

  • SHA512

    27e1ddbb60fc061d7aac00cf909c66538bde43151e1e8a0376f479f60e557fb755caa1721f51975187fb0ff94faaa3377929f0e0f912f2c9f53f42f88d035ba3

  • SSDEEP

    1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWiR1:mtWZqwoa9Xa1Idart19u1

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      ebd7bf3cdf25917a90484e249e85b785e30fad161e69311ddfb87605ebd2c923N.exe

    • Size

      134KB

    • MD5

      9b27127591a120499a78544b18d7a5b0

    • SHA1

      3be1098f610d5418ca69bdf087fbd726753ea648

    • SHA256

      ebd7bf3cdf25917a90484e249e85b785e30fad161e69311ddfb87605ebd2c923

    • SHA512

      27e1ddbb60fc061d7aac00cf909c66538bde43151e1e8a0376f479f60e557fb755caa1721f51975187fb0ff94faaa3377929f0e0f912f2c9f53f42f88d035ba3

    • SSDEEP

      1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWiR1:mtWZqwoa9Xa1Idart19u1

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks